Director, Information Technology
Karman Space & Defense · Huntington Beach, CA · 1 wk ago
On-siteInformation TechnologyFull-time
CMMC, NIST, DFARS, and CUI Compliance
- Drive alignment with NIST 800-171, DFARS cybersecurity requirements, CUI handling expectations, and related defense industrial base compliance obligations.
- Own cybersecurity compliance planning, remediation tracking, evidence collection, policy alignment, and assessment readiness.
- Partner with site leaders, Engineering, Operations, Corporate Security, Legal, and IT teams to ensure CUI controls are practical, understood, and consistently executed.
- Coordinate with consultants, assessors, auditors, and internal stakeholders to support mock assessments, readiness reviews, and certification activities.
- Provide clear status reporting on CMMC progress, open risks, blockers, remediation needs, and required leadership decisions.
Cybersecurity Risk and Governance
- Establish and mature cybersecurity governance, risk management, policy, standards, and control processes.
- Identify, assess, prioritize, and communicate cybersecurity risks in business terms.
- Partner with the CIAIO and technology leadership team to ensure cybersecurity is embedded into technology strategy, enterprise platforms, infrastructure, AI enablement, and integration efforts.
- Support security and compliance considerations in vendor management, cloud platforms, ERP/business systems, M&A integration, and site standardization.
- Maintain discipline around cybersecurity exceptions, risk acceptance, remediation ownership, and executive visibility.
Identity, Vulnerability, and Security Operations
- Lead identity and access management risk oversight, including privileged access, account lifecycle controls, access reviews, and user access governance.
- Drive vulnerability management strategy, prioritization, remediation tracking, and SLA discipline.
- Partner with Infrastructure & Site Operations to strengthen endpoint security, network security, M365 / GCC High security posture, asset management, and monitoring.
- Improve operational security processes, including alert triage, incident escalation, control monitoring, and remediation follow-through.
- Help reduce security backlog and improve visibility into the highest-risk vulnerabilities and control gaps.
SOX ITGC, Audit, and Control Readiness
- Support IT compliance activities related to SOX IT general controls, including access management, change management, backup/recovery, system operations, and evidence production.
- Partner with Finance, Internal Audit, Business Systems, and external auditors to ensure IT controls are documented, repeatable, and audit-ready.
- Align CMMC, SOX, cybersecurity, and resilience activities where possible to reduce duplication and improve control efficiency.
- Establish repeatable processes for control testing, issue remediation, evidence management, and audit support.
Incident Response, Resilience, and Business Continuity
- Own cybersecurity incident response planning, playbooks, escalation protocols, tabletop exercises, and post-incident improvement actions.
- Partner with infrastructure, business systems, operations, and site leadership on disaster recovery, backup strategy, business continuity, and resilience planning.
- Ensure critical systems and regulated business processes have appropriate recovery and continuity plans.
- Improve organizational readiness to detect, respond to, recover from, and learn from cybersecurity incidents.
Team Leadership and Development
- Build, lead, and mature the Cybersecurity, Compliance & Resilience function.
- Provide leadership for cybersecurity GRC, security engineering, identity, vulnerability management, and incident response capabilities.
- Create a culture of accountability, urgency, transparency, compliance discipline, and practical risk management.
- Partner with peer technology leaders to stabilize, standardize, prioritize, and scale the broader CIAIO organization.